During Dynatrace Innovate in Amsterdam, we spoke with Bernd Greifeneder, the CTO of the company that presents itself as an observability-and-security company. Among other things, we talked to him about the relationship between observability and platforms, rules and regulations and shift left. The latter, according to him, is not a good idea. It should be about extend left.
Greifeneder is one of the founders of Dynatrace, which has been around for nearly 20 years. The company has gained a solid position in the observability market over the years. In Gartner’s most recent report with its Magic Quadrant, the company ranks very high in the top right corner. The only one that can come close is Datadog; a player like Splunk ranks a lot lower, but admittedly still in the Leaders quadrant.
Dynatrace is “radically different”
What the exact value of Gartner quadrants is for specific organizations is something we can argue about. In general, we think they are slightly overvalued. As such, we generally don’t find such rankings very interesting. Dynatrace itself, however, is a very interesting company, as far as we are concerned. If only because it has its origins in Europe (Austria), which is quite special in itself. In addition, it has been focusing on observability since well before it became a major topic, it seems. To illustrate, Dynatrace was founded in 2005, Splunk came out with its own Observability Cloud in 2021.
During a press breakfast we attended at Dynatrace Innovate, CEO Rick McConnell also articulated yet again that Dynatrace is really a different company and platform than what you find in the rest of the market anyway. He calls Dynatrace “radically different.” There’s undoubtedly a lot of marketing in that, but also a real kernel of truth.
We talked above about the company’s European roots. There is also the fact that the company has pretty clear what it wants to achieve. They are very focused on delivering these goals. This can have quite radical consequences for the platform Dynatrace offers. Greifeneder gives a good example of this during our conversation with him. “We built Grail because we couldn’t find what we wanted anywhere else,” according to him. Grail is a data lakehouse and is rather important for providing context to logs, metrics and traces.
Overlap and platform thinking
The fact that Dynatrace decides to build its Grail themselves is not extremely unusual. More vendors build components because they find the current offerings not compelling enough. In the case of data lakehouses, however, there are some fairly modern players, such as Snowflake and Databricks. Apparently, even those don’t meet Dynatrace’s requirements.
According to Greifeneder, this has to do with what he believes the company stands for: “Dynatrace should be known for the quality of the data and the automation based on this data.” For example, Snowflake, according to him, is not suitable from observability purposes if you need to ingest a lot of data. Dynatrace is built for that. So Dynatrace customers send less data to Snowflake and more to Dynatrace. This is not to say that Dynatrace wants to be a replacement for Snowflake, but rather that there is some overlap.
With the above example, Greifeneder touches on an interesting point. To what extent should observability be a part of platforms and to what extent can it still be a “point solution”? There is a lot of activity in the platform space. Several big players such as Cisco, HPE and ServiceNow make observability an (important) part of their platform.
However, these are vendors that historically don’t come at it from an observability angle. They have added it to their existing platforms. Dynatrace expands more or less in the opposite direction, from observability to the infrastructure necessary to actually deliver it properly. That means overlap with the likes of Snowflake increases, but there’s not real desire at the moment to expand it even further. Dynatrace only considers that if it has to because they can’t deliver what they want to deliver.
Security and compliance
Observability is without a doubt the core of Dynatrace. However, the relevance of its platform also extends into other areas. Business Analytics is one, but it can also be used for security purposes. More specifically, observability data can help organizations when it comes to cyber resilience. With all the laws and regulations coming and/or already in place, being able to demonstrate resilience is becoming an increasingly important part of the security story within companies.
Greifeneder specifically cites DORA during Innovate. This new legislation, the localized version of which goes into effect in the member states of the European Union on Jan. 17, 2025, requires, among other things, that organizations not only be compliant at the time of an audit, but also be able to prove that they always are. For that, you need data, which you can get through an observability platform.
Greifeneder calls the above approach continuous compliance. That, he says, goes beyond standard compliance because it can demonstrate compliance for every moment. That should also ensure that an audit for compliance does not come across as a tick box exercise, but is something everyone is always doing anyway. That sounds good in theory as far as we’re concerned. Whether it will improve the overall security posture, we have to see first. It still remains to some extent a tick box story. There is still no huge trigger to move beyond compliance toward more security.
Not shift left, but extend left
Surely one of the most striking statements Greifeneder mentioned in a session we attended was “shift left isn’t right.” In our conversation with him, we asked for some more substantiation for that statement. “Shift left is a disaster for enterprise organizations,” he reiterates his view on the matter.
Greifeneder is not a fan of shifting responsibility for security to developers, that much is clear. We completely agree with this, by the way. Greifeneder wants to move more toward extend left. This does not involve shifting the responsibility so much, but means more teams share the responsibility.
Sharing responsibility obviously brings with it other potential problems, but conceptually, extend left is better than shift left, although we suspect/hope that’s what almost everyone means when it comes to shift left. Here you make developers aware of security/compliance issues, but involve other parts of the organization as well. Developers don’t need to know the ins and outs of security, but only see a subset of the things that are necessary to build secure applications.
With the concept of continuous compliance we talked about above, such a division should also be achievable. However, the idea of teams sharing responsibilities in the realm of cybersecurity is not new. We have been talking about building bridges between teams for many years. In practice, at least in our conversations, we still don’t hear very many success stories about that. Perhaps Dynatrace can make good strides in that with the observability and security platform it offers. In theory, that is quite possible, because ultimately, observability data is very fundamental data of an organization. There is added value to be gained from it in many areas. It’s up to Dynatrace to convince the market that this is the case.
Also read: The security platform: what is it and what does it deliver?